Re: Improved SYN Cookies: Looking for testers
Andre Oppermann <andre@freebsd.org> wrote:
> We have had a SYN cookie implementation for quite some time now but it
> has some limitations with current realities for window scaling and
> SACK encoding in the few available bits.
>
> This patch updates and improves SYN cookies mainly by:
>
> a) encoding of MSS, WSCALE (window scaling) and SACK into the ISN
> (initial sequence number) without the use of timestamp bits.
>
> b) switching to the very fast and cryptographically strong SipHash-2-4
> hash MAC algorithm to protect the SYN cookie against forgery.
>
> The patch had been reviewed by dwmalone (cookies) and cperciva (siphash).
>
> Please find it here for testing:
>
> http://people.freebsd.org/~andre/syncookie-20130708.diff
I've been using the patch for a couple of days and didn't notice any
issues so far. Privoxy's regression tests continue to work as expected
as well.
BTW, I think kern/173309 could be closed.
Fabian
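
The scheme summarized in points a) and b) of the quoted announcement, sketched as an added example that is not part of this thread and is not taken from the patch. The bit layout, the two lookup tables, the MAC input and the names `struct conn`, `mac24`, `cookie_encode` and `cookie_decode` are assumptions chosen for illustration; only the SipHash-2-4 rounds and constants follow the published algorithm.

```c
#include <stdint.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* Hypothetical connection identity; irs is the client's initial sequence number. */
struct conn { uint32_t saddr, daddr; uint16_t sport, dport; uint32_t irs; };
/* Constructed tables: a 3-bit index stands in for the full option value. */
static const uint16_t mss_tab[8] = {216, 536, 1200, 1360, 1400, 1440, 1452, 1460};
static const uint8_t ws_tab[8] = {0, 1, 2, 4, 6, 7, 8, 9};

/* SipHash-2-4 over three 64-bit words (a 24-byte message), kept to the top 24 bits. */
static uint32_t mac24(const uint64_t k[2], const struct conn *c, uint8_t flags)
{
    uint64_t m[4] = { ((uint64_t)c->saddr << 32) | c->daddr,
        ((uint64_t)c->sport << 48) | ((uint64_t)c->dport << 32) | c->irs,
        flags, (uint64_t)24 << 56 /* final block: message length in the top byte */ };
    uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
    for (int i = 0; i < 4; i++) { v3 ^= m[i]; SIPROUND; SIPROUND; v0 ^= m[i]; }
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return (uint32_t)(v0 ^ v1 ^ v2 ^ v3) & 0xffffff00u;
}

/* ISN = MAC (24 bits) | MSS index (3) | WSCALE index (3) | SACK (1) | unused (1). */
uint32_t cookie_encode(const uint64_t k[2], const struct conn *c,
                       unsigned mss, unsigned wscale, int sack)
{
    unsigned mi = 0, wi = 0;
    for (unsigned i = 0; i < 8; i++) {   /* largest table entry not above the offer */
        if (mss_tab[i] <= mss) mi = i;
        if (ws_tab[i] <= wscale) wi = i;
    }
    uint8_t flags = (uint8_t)((mi << 5) | (wi << 2) | (sack ? 2 : 0));
    return mac24(k, c, flags) | flags;
}

/* isn is the ACK number minus 1. Returns 1 and fills the outputs only if the MAC verifies. */
int cookie_decode(const uint64_t k[2], const struct conn *c, uint32_t isn,
                  unsigned *mss, unsigned *wscale, int *sack)
{
    uint8_t flags = isn & 0xff;
    if (mac24(k, c, flags) != (isn & 0xffffff00u)) return 0;
    *mss = mss_tab[flags >> 5]; *wscale = ws_tab[(flags >> 2) & 7]; *sack = (flags >> 1) & 1;
    return 1;
}
```

Because the parameter bits are covered by the MAC, the server keeps no per-connection state between the SYN-ACK and the final ACK, and a peer cannot change the recovered MSS, WSCALE or SACK values without also guessing the 24-bit tag.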